Lead development of security strategy aligned to client business goals.
Guide risk management practices including risk registers and threat modeling.
Provide executive-level oversight of regulatory compliance programs.
Jobgether uses an AI-powered matching process to ensure applications are reviewed fairly. Their system identifies the top-fitting candidates and shares this shortlist with the hiring company.
Lead SOC 2 and ISO programs through the full audit lifecycle.
Build integrations that continuously gather compliance evidence from AWS, GitHub, identity providers, and internal systems.
Evaluate and monitor third-party vendors for security and compliance risk.
Fieldguide is establishing a new state of trust for global commerce and capital markets through automating and streamlining the work of assurance and audit practitioners. The company is based in San Francisco, CA, and built as a remote-first company with a team that is inclusive, driven, humble and supportive.
Lead the configuration and management of GRC tools to ensure integration with security systems.
Manage the main dashboard for SOC 2 reporting, ensuring accuracy and compliance.
Develop and maintain a comprehensive risk management program and conduct risk assessments.
Engine is transforming business travel into something personalized, rewarding, and simple. They have over 20,000 companies relying on Engine to support over 1 million travelers and billions in annual bookings each year and have been recognized as one of the fastest-growing travel and fintech platforms in North America.
Own and operate compliance programs such as SOC 2, ISO 27001, ISO27701, HIPAA, and TISAX.
Lead and manage internal, external, and customer audits end-to-end.
Track, remediate, and validate 100% of audit findings within agreed SLAs.
Airtable is the no-code app platform that empowers people closest to the work to accelerate their most critical business processes. More than 500,000 organizations rely on Airtable to transform how work gets done and they strive to create a workplace where everyone has an equal opportunity to thrive.
Work with private equity and portfolio company clients, consulting on how to apply an information security vision and strategy in alignment with customer business objectives.
Work with customers to assess and address information security risks.
Assist in managing customer security programs including the achievement and/or maintenance of key compliance initiatives such as SOC, ISO27001, NIST, PCI, and SOX.
Crosslake supports changemakers and helps them buy, build, and run better technology. They believe in a programmatic, proactive approach to actively manage technology throughout the investment lifecycle.
Own and lead enterprise-level compliance programs.
Define and mature ISO 27001 and ISO 42001 control environments and SOX 404 ITGCs.
Act as a subject matter expert and internal consultant for various teams.
Spring Health aims to eliminate mental health barriers with its clinically validated technology, Precision Mental Healthcare. They partner with over 450 companies, providing care for 10 million people and are valued at $3.3 billion.
Serve as the primary vCISO and subject matter expert for multiple clients.
Lead data-centric cybersecurity programs aligned to business risk.
Manage, mentor, and develop vCISO team members.
Coretelligent partners with growing, highly regulated organizations that need secure, dependable IT environments built to scale. They deliver managed IT, cybersecurity, cloud, and strategy, through a model designed for consistency, transparency, and trust. They are building a team of professionals who care deeply about quality, ownership, and continuous improvement.
Own day-to-day execution of SOC 1, SOC 2, PCI DSS, and ISO 27001 readiness and audit cycles.
Develop and maintain policies, procedures, risk assessments, control narratives, and supporting documentation.
Facilitate risk assessments for systems, vendors, products, and business initiatives.
Astra is building mission-critical infrastructure for moving money at scale. Their platform processes billions in annual transaction volume with 99.9%+ uptime, powering real-time transfers, bank debits, card disbursements, and complex financial compliance systems.
Establish and maintain the organization’s enterprise-wide information security program.
Ensure compliance with healthcare and international security standards.
Develop and deliver security awareness training to employees.
MIE provides solutions that make a meaningful difference in healthcare. Founded in 1995, MIE serves as the innovation engine for business units that serve hospitals and health systems, physician practices, Fortune 500 employers, government agencies, and consumers.
Lead and mature Material Bank’s enterprise information security program.
Own the security risk management framework, including risk identification, scoring, tracking, and executive reporting.
Own detection, incident response, and resilience strategy.
Material Bank operates the world’s largest material marketplace for the architecture and design industry, connecting designers with materials from leading brands. They operate in 37 countries and their platform is the standard for design professionals around the globe.
Own the 24‑month global security roadmap developed with an external partner; drive planning, resource allocation, cross‑region rollout, milestone tracking, and KPI delivery.
Lead the cybersecurity transformation: redesign the security operating model, establish regional capability hubs, hire and upskill teams, and integrate security into engineering and product lifecycles.
Modernize security tooling and architecture: define global architecture for IAM, cloud security, vulnerability management, SIEM/XDR, DLP, and secure SDLC integrations; manage vendor selection and lifecycle.
Black Duck Software, Inc. helps organizations build secure, high-quality software, minimizing risks while maximizing speed and productivity. With a combination of industry-leading tools, services, and expertise, Black Duck helps organizations maximize security and quality in DevSecOps and throughout the software development life cycle.
Coordinate compliance with standards (PCI, HIPAA, ISO 27002, SOC 1/2/3, FISMA/FedRAMP, etc.) under guidance.
Maintain evidence repositories and partner with SMEs to refresh artifacts.
Coordinate audits and certification efforts, partnering with support teams on timelines and resourcing.
Experian is a global data and technology company, powering opportunities for people and businesses around the world. As a FTSE 100 Index company listed on the London Stock Exchange (EXPN), they have a team of 22,500 people across 32 countries.
Own a portfolio of security programs (planning, resourcing, milestones, dependencies, risk/issue management, and outcomes).
Create and maintain multi-quarter roadmaps aligned to Keyrock’s business and operating model across venues and services (CEX/DEX and liquidity services).
Establish governance and operating cadence: steering meetings, status reporting, program reviews, and executive updates.
Keyrock is a leading change-maker in the digital asset space, renowned for its partnerships and innovation. They have over 200 team members around the world with a diverse team hailing from 42 nationalities, with backgrounds ranging from DeFi natives to PhDs.
Lead comprehensive security audits of client security operations programs.
Analyze security monitoring and alerting to perform a gap analysis.
Conduct cyber risk assessments using industry frameworks.
They build cybersecurity software and solutions. Palo Alto Networks challenges the status quo, and they are looking for innovators who are as committed to shaping the future of cybersecurity as they are.
Lead the development, implementation, and continuous improvement of a comprehensive healthcare privacy and compliance program.
Ensure all organizational operations meet and exceed regulatory, governance, and client standards, including HIPAA, HITRUST, SOC2, and Medicare/Medicaid requirements.
Proactively identify and mitigate compliance risks across the enterprise.
EPIC Insurance Brokers & Consultants is one of the fastest-growing firms in the insurance industry. They have over 3,000 employees nationwide and are headquartered in San Francisco. Their core values are: Owner mindset, Inspire trust, Think big, and Drive results.
Conduct day-to-day risk ticket analysis and lead in-depth assessments of product launches and infrastructure changes.
Further operationalize and mature the One Twilio Risk Management framework leveraging risk management frameworks.
Build and optimize automated workflows that bridge the gap between compliance requirements and engineering productivity.
Twilio is shaping the future of communications, delivering innovative solutions to hundreds of thousands of businesses and empowering millions of developers worldwide. They have a strong culture of connection and global inclusion and are dedicated to remote-first work.
Scale, automate, and optimize existing GRC, compliance, and customer assurance programs.
Optimize and automate an existing third-party risk program by improving risk signal quality.
Evaluate, implement and maintain GRC tooling with a focus on AI-powered automation to minimize operational overhead.
Monarch is a personal finance platform designed to simplify finances. They are a fully remote team of do-ers led by experienced entrepreneurs passionate about helping members reach their financial goals, hyper-focused on building a product people love and evolving based on user feedback.
Contribute to the cybersecurity governance framework, aligned with international standards.
Perform security audits, gap analyses, and cyber risk assessments.
Support Business Continuity Management (BCM) and IT Disaster Recovery (DR) activities.
Prima uses data and tech to rethink motor insurance, offering a great experience at a great price. They are a trusted provider for over 4 million drivers and are expanding in the UK and Spain, with over 300 engineers in the Engineering Department.
Lead compliance projects translating requirements to actionable plans.
Develop/implement compliance programs and training to ensure alignment.
Monitor progress/metrics, ensuring deadlines are met and objectives achieved.
Jobgether uses an AI-powered matching process to ensure your application is reviewed quickly and fairly against the role's core requirements. They identify the top-fitting candidates, and this shortlist is then shared directly with the hiring company where the internal team manages final decisions.